Le dim 12/10/2003 à 17:10, Joel Newkirk a écrit :
> > PS : there's no RELATED packets in HTTP ;)
> Not precisely true - there are ICMP messages that may arrive in response
> to HTTP requests that are RELATED.
Absolutely true. Should have been more precise.
I was meaning no RELATED on TCP/80 using HTTP, so first case WWW_CH
chain would never see a RELATED packet :
${IPT} -A INPUT -p tcp --dport 80 -j CH_WWW
${IPT} -A CH_WWW -m state --state ESTABLISHED,RELATED -j ACCEPT
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
